commit:     68aaf1bdd20dbab2a2f088490cbde0a94d1a5bf2
Author:     Kerin Millar <kfm <AT> plushkava <DOT> net>
AuthorDate: Mon Jun 16 11:52:11 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jun 17 03:00:39 2025 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=68aaf1bd

emerge-webrsync: check whether gpg(1) succeeds in 
check_file_signature_gpg_unwrapped()

Presently, the check_file_signature_gpg_unwrapped() function will create
an ephemeral keyring in the case that the 'PORTAGE_GPG_DIR' variable is
unset or empty. It then proceeds to import Gentoo's public key block
from "gentoo-release.asc". However, it does not check the exit status of
gpg(1) afterwards. Rectify this defect.

Signed-off-by: Kerin Millar <kfm <AT> plushkava.net>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 bin/emerge-webrsync | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync
index b64f71d6d4..f32336f05d 100755
--- a/bin/emerge-webrsync
+++ b/bin/emerge-webrsync
@@ -305,9 +305,9 @@ check_file_signature_gpg_unwrapped() {
                        # empty. Create a temporary directory to contain an
                        # ephemeral keyring into which Gentoo's distributed
                        # public key block shall be imported.
-                       gpgdir=$(mktemp -d -- 
"${PORTAGE_TMPDIR}/portage/webrsync.XXXXXX") || exit
-
-                       gpg --no-default-keyring --homedir "${gpgdir}" --batch 
--import "${key}"
+                       gpgdir=$(mktemp -d -- 
"${PORTAGE_TMPDIR}/portage/webrsync.XXXXXX") \
+                       && gpg --no-default-keyring --homedir "${gpgdir}" 
--batch --import "${key}" \
+                       || exit
                elif [[ ! -w ${gpgdir} ]] ; then
                        die "gpgdir is not writable: ${gpgdir}"
                fi
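Review bot: The `|| exit` that ends the new `mktemp … && gpg … --import "${key}" || exit` chain aborts with the failing command's status but prints nothing from the script itself, so the log only shows that signature verification could not be set up if mktemp(1) or gpg(1) happens to write something to stderr. The neighbouring branch already reports through `die "gpgdir is not writable: ${gpgdir}"`; for consistency consider `|| die "failed to set up ephemeral keyring from ${key}"`, or a separate check per step so the two failures can be told apart. Whether the temporary `gpgdir` is removed on this exit path depends on cleanup code outside the hunk, which is worth confirming now that the script can exit after the directory has been created. The body of check_file_signature_gpg_unwrapped() starts and ends outside the hunk.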
